Setting up the Kubernetes Cluster Service Account Token

The below article takes you through on how to create a Kubernetes Cloud Provider with Service Account Token.

Steps :

1.) Login to the Kubernetes cluster :

2.) Use the below command to create a service account :

Below i have used the service account name as : test-account

kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
  name: test-account

Also if you already have the service account created then you can list it using :

kubectl get serviceaccounts

3.) Now you can further create the secret using :

Below i have used secret name as : test-account-secret and also specified the service account name.

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
  name: test-account-secret
  annotations: test-account

4.) Also you need to do the cluster role binding :

kubectl create clusterrolebinding test-account --clusterrole=cluster-admin --serviceaccount=default:test-account

5.) You can run this the below to obtain the service account token:

SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" -o json | jq -r '.secrets[].name')
TOKEN=$(kubectl get secret "${SECRET_NAME}" --namespace "${NAMESPACE}" -o json | jq -r '.data["token"]' | base64 -d)
echo $TOKEN

The TOKEN you get here for example :

This is to be used in creating kubernetes cluster Service Account Token.

Verify the service account (testadmin) has cluster-admin access using kubectl:

kubectl config set-credentials testadmin --token=$TOKEN

kubectl config set-context --current --user=testadmin

Once this is done , you can try creating an infra definition using this Cloud provider.